4 matches found
CVE-2026-43972 gun HTTP/2 PUSH_PROMISE authority not validated against connection origin allows cross-origin cookie injection
Origin Validation Error vulnerability in ninenines gun gun_http2 module allows cross-origin cookie injection via unvalidated HTTP/2 PUSH_PROMISE authority. In gun_http2:push_promise_frame/7, the :authority pseudo-header from an incoming PUSH_PROMISE frame is stored verbatim into the promised stream...
CVE-2026-43972
Origin Validation Error vulnerability in ninenines gun gun_http2 module allows cross-origin cookie injection via unvalidated HTTP/2 PUSH_PROMISE authority. In gun_http2:push_promise_frame/7, the :authority pseudo-header from an incoming PUSH_PROMISE frame is stored verbatim into the promised stream...
EUVD-2026-35073
Origin Validation Error vulnerability in ninenines gun gun_http2 module allows cross-origin cookie injection via unvalidated HTTP/2 PUSH_PROMISE authority. In gun_http2:push_promise_frame/7, the :authority pseudo-header from an incoming PUSH_PROMISE frame is stored verbatim into the promised stream...
PT-2026-47298
Origin Validation Error vulnerability in ninenines gun gun_http2 module allows cross-origin cookie injection via unvalidated HTTP/2 PUSH_PROMISE authority. In gun_http2:push_promise_frame/7, the :authority pseudo-header from an incoming PUSH_PROMISE frame is stored verbatim into the promised stre...